I would like to create a Kubernetes ingress with the same behaviour as nginx:
ssl on;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.nopass.key;
ssl_client_certificate /certs/ca.crt;
ssl_verify_client on;
I use annotations:
kubernetes.io/ingress.allow-http: "false"
# Enable client certificate authentication
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
# Create the secret containing the trusted ca certificates
nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
# Specify the verification depth in the client certificates chain
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
# Specify an error page to be redirected to verification errors
nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.google.com"
# Specify if certificates are passed to upstream server
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
But I can pass the ingress with a wrong client cert. I do not have the same behaviour as nginx provides.
Am I wrong anywhere, or is there a bug on the Kubernetes side?
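
An added example, not part of the original post: a small lint that checks client-certificate annotations like the ones quoted above against the value formats documented for ingress-nginx, and flags whitespace in keys and typographic quotes in values. The function name `lint_auth_tls`, the simplified secret-name pattern and both sample dictionaries are assumptions constructed for illustration.

```python
import re

# Annotation prefix and value formats documented for ingress-nginx.
PREFIX = "nginx.ingress.kubernetes.io/"
VERIFY_VALUES = {"on", "off", "optional", "optional_no_ca"}
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"
# Simplified namespace/name pattern (assumption: lowercase DNS-style names).
SECRET_RE = re.compile(r"[a-z0-9][a-z0-9.-]*/[a-z0-9][a-z0-9.-]*")

def lint_auth_tls(annotations):
    """Return a list of findings for client-certificate annotations."""
    findings = []
    for key, value in annotations.items():
        if any(ch.isspace() for ch in key):
            findings.append(f"{key!r}: whitespace in annotation key")
        if any(q in value for q in CURLY_QUOTES):
            findings.append(f"{key!r}: typographic quotes inside the value")
    verify = annotations.get(PREFIX + "auth-tls-verify-client")
    if verify is None:
        findings.append("auth-tls-verify-client not set under the expected key")
    elif verify not in VERIFY_VALUES:
        findings.append(f"auth-tls-verify-client: unexpected value {verify!r}")
    secret = annotations.get(PREFIX + "auth-tls-secret")
    if secret is None:
        findings.append("auth-tls-secret not set under the expected key")
    elif not SECRET_RE.fullmatch(secret):
        findings.append(f"auth-tls-secret: {secret!r} is not namespace/name")
    depth = annotations.get(PREFIX + "auth-tls-verify-depth")
    if depth is not None and not re.fullmatch(r"[0-9]+", depth):
        findings.append(f"auth-tls-verify-depth: {depth!r} is not an integer")
    upstream = annotations.get(PREFIX + "auth-tls-pass-certificate-to-upstream")
    if upstream is not None and upstream not in {"true", "false"}:
        findings.append(f"pass-certificate-to-upstream: unexpected {upstream!r}")
    return findings

# Constructed sample: the annotations from the post, cleanly typed.
CLEAN = {
    PREFIX + "auth-tls-verify-client": "on",
    PREFIX + "auth-tls-secret": "default/ca-secret",
    PREFIX + "auth-tls-verify-depth": "1",
    PREFIX + "auth-tls-error-page": "https://www.google.com",
    PREFIX + "auth-tls-pass-certificate-to-upstream": "true",
}
# Constructed sample: copy-paste damage plus a secret without a namespace.
PASTED = {
    "nginx.ingress.kubernetes .io/auth-tls-verify-client": "\u201con\u201d",
    PREFIX + "auth-tls-secret": "ca-secret",
}
```

The annotations of a live object can be fed to the function as a dictionary loaded from `kubectl get ingress <name> -o json`.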